Simple Bot Check without Captcha
We've all seen the Captcha bot checks all over the place these days. Sometimes they're easy to read, and other times (YouTube) they're pretty difficult. A Captcha dynamically generates an image with a string of text in it, then warps the text so it's not easy for bots to scrape and get past your security. Some websites warp the image so much that it's hard for us humans to determine what was written in that image.
So, here's a simpler bot check that asks a basic math question, and if the user gets it wrong, the process, whatever it may be, will die a quick death.
For my example, I'm going to show how this would be used in a simple contact form.
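Underneath your post sanitization, set up your question something like this:
// session_start() must already have been called so $_SESSION persists.
$q1 = rand(1, 20);
$q2 = rand(1, 20);
// Store only the expected sum server-side; the form shows the two numbers.
$_SESSION['bot_check'] = $q1 + $q2;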
This will generate 2 random numbers between 1 and 20, and then save the sum of those 2 numbers into a session variable.
Next, we'll add the question to our form:
<strong>Bot Check</strong><br />
Answer this simple question:
<strong><?php echo $q1 . ' + ' . $q2 . ' ='; ?></strong>
<input type='text' name='bot_check' style='width: 25px;' />
Pretty straightforward.
Now we'll actually check to make sure they got the question right. Inside your sanity checks (where you make sure email addresses are in the correct format, required fields are not empty, etc.), add this check before sending the potential spam to yourself:
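// Fail when either value is missing: a loose != treats two unset values as equal.
if (!isset($_POST['bot_check'], $_SESSION['bot_check'])
    || (int) $_POST['bot_check'] !== $_SESSION['bot_check']) {
    $error .= "You got the simple math question wrong. You're probably a bot.<br />\n";
}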
That's it. It's certainly not as secure as a well-written captcha script, but it's quick, simple, and better than nothing ;)
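A stricter version of the check above, as an added example that is not the author's code: it verifies the submitted answer before a new question is issued, rejects requests where no question was issued or no answer was sent, and makes each question single-use so a solved answer cannot be replayed. The function names `bot_check_issue` and `bot_check_verify` are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST` in the constructed walk-through.

```php
<?php
// Added example, not the author's code. Function names are hypothetical.
declare(strict_types=1);

/** Create a new question and remember the expected sum in the session store. */
function bot_check_issue(array &$session): string
{
    $q1 = random_int(1, 20);
    $q2 = random_int(1, 20);
    $session['bot_check'] = $q1 + $q2;
    return $q1 . ' + ' . $q2 . ' =';
}

/** Verify a submitted answer exactly once; true only for a correct answer. */
function bot_check_verify(array &$session, array $post): bool
{
    $expected = $session['bot_check'] ?? null;
    unset($session['bot_check']);   // single use: the stored sum is consumed here

    $answer = $post['bot_check'] ?? null;
    if (!is_int($expected) || !is_string($answer)) {
        return false;               // no question was issued, or no answer was sent
    }
    $answer = trim($answer);
    if (!ctype_digit($answer) || strlen($answer) > 2) {
        return false;               // rejects "", "12abc", "1e1" and over-long input
    }
    return (int) $answer === $expected;
}

// Constructed walk-through: a plain array replaces $_SESSION / $_POST.
$session = [];
var_dump(bot_check_verify($session, []));                      // nothing issued, nothing sent
$question = bot_check_issue($session);
$right = (string) $session['bot_check'];
var_dump(bot_check_verify($session, ['bot_check' => $right])); // correct answer
var_dump(bot_check_verify($session, ['bot_check' => $right])); // same answer sent again
```

In the contact form, call `session_start()`, run `bot_check_verify($_SESSION, $_POST)` while handling the POST, and only then call `bot_check_issue($_SESSION)` to render the next question, so the new sum never overwrites the one being checked.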
If you have any questions, I'd love to see a comment sometime in this site's lifetime =)